Sean Foley

Creating Value by Modernizing Cybersecurity: Getting to SOAR

A structured approach to Security Modernization in 4 parts


In today’s digital landscape, cybersecurity is about more than just protection—it’s about unlocking value. It’s a given that a modern cybersecurity approach shields your organization from threats, but it should also enhance efficiency, empower innovation, and support, rather than inhibit, business growth. A structured approach to cybersecurity modernization should focus on automation, identity-based security, observability, and evolving the culture and operating model. On the journey to a modern security function, these key waypoints each increase capacity by reducing toil and streamlining processes that used to be seen as roadblocks and chokepoints on business growth. We’ll explore each of these waypoints over a few blog posts. Let’s start with Automation.



The Automation Continuum: From IaC to SOAR

Automation is crucial in modern cybersecurity, but many organizations don’t take it far enough and miss out on greater efficiency gains. While not everyone is going to deploy comprehensive SOAR (Security Orchestration and Automated Response) capabilities, you should have it as an aspirational goal. That journey starts with the adoption of Infrastructure as Code (IaC) to automate the provisioning and management of your infrastructure. This ensures consistency and reduces human error. IaC enables the creation of hardened, compliant infrastructure images, streamlining deployments and setting a foundation for your vulnerability management program.


However, don’t stop at infrastructure automation: integrate security into your DevOps pipelines, automating the deployment of your security stack (application tracing, endpoint protection, etc.) and executing security scans at each stage of development. Ensure that these processes are seamlessly integrated, with teams actively collaborating throughout. (More to come on this later.)


Automating the infrastructure and deployment pipeline creates a new threat vector: your image and application repositories. Secure and monitor those, and layer in automated, continuous compliance checks to ensure that your infrastructure and applications consistently adhere to regulations and security policies, reducing the toil of manual audits.

Surprisingly, many enterprises only partially follow these automation fundamentals, which perpetuates a drag on operational efficiency: manual or ad hoc compliance checks, security validations, or security tool stack deployments.

Early Stage SOAR

Getting the foundations in place with hardened images, automated scanning and continuous compliance makes it possible to automate response when problems appear. For example, isolating a host that fails a compliance check is an automated response: it’s SOAR, with a limited scope.


The larger scope for SOAR is really about workflow automation across the security operations tool landscape. Automating workflows such as incident assignment, case management, notification and escalation across the security tool estate is where the evolution of human-machine collaboration starts to accelerate efficiency gains. For example, a SOAR system can automatically isolate a compromised endpoint and initiate forensic analysis, which significantly reduces response time and mitigates impact. It also saves human labor that can be focused on threats of higher importance.
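The limited-scope response described above, as an added example (not the author's code or any SOAR product's API): every failed compliance check opens a case, a high-severity failure isolates the host, and protected assets or anything beyond a per-run cap are escalated to a human instead. The host names, check names, `PROTECTED` set and cap are constructed assumptions, and isolation is recorded in a list rather than sent to a real EDR or network control.

```python
from dataclasses import dataclass, field

# Constructed sample input: results from one continuous compliance scan.
SCAN_RESULTS = [
    {"host": "web-01", "check": "disk-encryption", "passed": True, "severity": "high"},
    {"host": "web-02", "check": "edr-agent-running", "passed": False, "severity": "high"},
    {"host": "db-01", "check": "edr-agent-running", "passed": False, "severity": "high"},
    {"host": "build-03", "check": "banner-text", "passed": False, "severity": "low"},
    {"host": "web-03", "check": "edr-agent-running", "passed": False, "severity": "high"},
]
PROTECTED = {"db-01"}        # hypothetical: assets needing human approval to isolate
MAX_ISOLATIONS_PER_RUN = 1   # hypothetical cap so one bad rule cannot isolate the fleet


@dataclass
class Actions:
    isolated: list = field(default_factory=list)   # hosts isolated automatically
    cases: list = field(default_factory=list)      # case opened per failed check
    escalated: list = field(default_factory=list)  # cases handed to an analyst


def run_playbook(results, protected=PROTECTED, cap=MAX_ISOLATIONS_PER_RUN):
    """Turn compliance failures into cases, isolations and escalations."""
    out = Actions()
    for r in results:
        if r["passed"]:
            continue
        case = f"{r['host']}:{r['check']}"
        out.cases.append(case)  # every failure is tracked, whatever happens next
        # Low severity is ticket-only; an already isolated host is not re-isolated.
        if r["severity"] != "high" or r["host"] in out.isolated:
            continue
        if r["host"] in protected or len(out.isolated) >= cap:
            out.escalated.append(case)      # guardrail hit: a human decides
        else:
            out.isolated.append(r["host"])  # stand-in for the real isolation call
    return out


if __name__ == "__main__":
    result = run_playbook(SCAN_RESULTS)
    print("isolated: ", result.isolated)
    print("cases:    ", result.cases)
    print("escalated:", result.escalated)
```

The guardrails are the part worth tuning before wider rollout: the protected list and the cap decide how much of the response is trusted to run without an analyst.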


Unlocking Value through efficiency gains

The gains earned along this security automation continuum, from IaC to SOAR, come from eliminating manual checks and the delays caused by outdated security processes. This greater capacity, alas, will be spent on the ever-increasing volume of threats, as the bad guys have been faster to adopt automation. But in the end, broader business value is created through increased operational capacity and efficiency with security embedded.


Check back for the next part "How Identity Based Security lays the foundation for Zero Trust."
